Cloud computing has evolved exponentially over the past decade and research indicates that by next year (2020) its global market will exceed US$241 billion – which is more than AU$356 billion. But as cloud computing opportunities have grown, so too have the security issues associated with it.
At the same time, it’s really no different from the security issues that threaten our homes and business premises. All that is required is good data management within a secure modern workplace.
Most people recognise the potential of cloud computing in terms of streaming music, storing photographs and videos, and downloading apps, but the cloud also offers enormous benefits for businesses, particularly small and medium-sized businesses (SMBs). Today, SMBs can access services and technologies that were only available to major companies a decade ago. But if security issues aren’t addressed, the benefits might be quickly compromised.
This is why data management is so important.
Of course, different businesses use and depend on different types of data, some more sensitive and “valuable” than other types. It may relate to customers, procedures, assets, liabilities, possibly even future business plans.
The bottom line is that if your business depends on any type of data, it needs to be protected. End of story.
Right now, the top five security issues SMBs are facing with cloud computing are:
- - Data governance
- - Hijack of accounts
- - Data loss
- - Denial of service attacks
- - Data breaches
Being aware of the dangers related to cloud computing is your first step to overcoming risks and keeping your business and its data safe.
Every business should have data governance in the form of rules that enable corporate services managers of SMBs to ensure data strategy is aligned with business strategy and that data assets are protected. It establishes a code of conduct that addresses vital areas including compliance, legality, and security.
Data governance ensures that the data captured for SMBs is both trustworthy and consistent. Above all else, good data governance ensures that data is classified correctly, according to its sensitivity, and is safeguarded to prevent data loss and leakage.
When it comes to cloud computing, the data governance plan will determine how content is migrated to the cloud without the risk of data breaches.
Account and service hijacking is basically a type of identity theft used by cybercriminals to obtain data that enables them to take over bank and other accounts. It is surprisingly common, usually via phishing (which is one of the simplest methods cybercriminals use) and spoof emails. Typical scams pretend you have won the lottery or inherited a fortune! One click on their link and they’re on their way to hijacking your accounts.
Less than a week ago, on September 23, news broke of high-profile, influential YouTube users within the car community who had been targeted by cybercriminals. It has been reported that it followed a “spear-phishing” campaign that targeted specific individuals. It wasn’t immediately clear what their intentions were.
In January, about 7.8 million passwords were stolen from the Twitch platform following a beach of the popular Town of Salem online game. Possibly due to automated account takeover bots, the hijackings resulted in “other accounts” being compromised.
There are many more examples of platforms that operate in the cloud where users have had accounts hijacked, some of which have ended in attempted (sometimes successful) blackmail. User names are sold, owners are extorted into paying for the release of their account, people are threatened with exposure of information found. Only good data management will avoid hijacking accounts. The Internet is a big place with dark corners and unknown plains. You need to be careful. Keep your software updated and be sure to enable two-factor authentication. Make sure your passwords are ultra-strong and don’t fall for con artists!
Also known as data leakage, data loss results in corrupt data that is unreadable and/or unusable. It may be caused by an attacker, by damage to a storage device (hardware malfunction), or by some kind of computer virus. Sometimes it is caused by corrupt software.
Corporate service managers need to be aware that hackers are capable of causing intentional data loss and that viruses include malware that has been designed to steal data and delete it.
However, because human error can also be a major factor, it can usually be prevented by implementing various data backup solutions and by utilizing security mechanisms.
Data loss is a potentially serious problem for any business, including SMBs, and can impact severely on the financial health of the business. While a good IT professional might be able to recover lost data, data loss can be incredibly expensive and disruptive, especially when it affects clients. But it is generally best for managers to put proper safeguards and precautions in place to prevent the possibility of it happening for any reason.
Denial of Service Attacks
Denial of service (DoS) attacks are carried out to make machines and/or networks inaccessible to users. They achieve this by flooding the target with information or traffic that triggers a crash. Whatever the reason for the attack, typical results include inaccessible and ineffective services as well as an interruption of network traffic and interference with the connection.
Historically, major companies are the focus of denial of service attacks, and because they can be engineered quite literally from anywhere, it is very difficult to find those responsible.
Distributed denial of service (DDoS) attacks have evolved from DoS attacks and are more complex and considerably more sophisticated in design and intention. Unlike regular denial of service attacks, they use just one device that is connected to the Internet to flood the target with malicious traffic. DDoS attacks are commonly used to disrupt servers, networks, and websites.
When data falls into the wrong hands it is regarded as a data breach. Unlike data loss, a data breach does not normally result in destruction or loss of the data. It also isn’t a threat or attack as such, but rather the result of a cyberattack that has allowed criminals to access data. Whatever sort of data is involved, data breaches can have serious repercussions in terms of individuals and clients an SMB deals with.
In Australia, the Privacy Act determines which data breaches are notifiable, for instance, if there has been unauthorised access to personal information. In 2019 alone, up till June, there were multiple data breach notifications that related to at least 44 specific incidents.
According to CSO in the U.S., the biggest data breach so far this century was against Yahoo in 2013 and it impacted 3 billion users. Described as the biggest data breach in history, it is said to have decreased the selling price of the company to Verizon by about $350 million. The next year, Marriott International suffered a data breach that impacted 500 million of their customers. It is not known how much real damage was caused.
Much more recently, Facebook suffered a data breach that impacted 420 million users.
These are big ones, but little ones happen daily!
So how does this affect cloud computing as such?
Impact of Cyber Crimes on Cloud Computing
Would it surprise you to learn that according to a survey undertaken six years ago, the majority of North American IT professionals believe using cloud-based services outweigh the benefits of the cloud?
Certainly, the cloud is invisible, which is ultra-scary, and which is why we have produced an ebook to help you come to terms with cybersecurity risks. You can download Cybersecurity Tips for Employees: A Complete Guide to Secure Behaviour HERE. It’s free and will help SMB corporate services managers address security issues within your SMB. We also have solid IT solutions for every type of business.